Oy 


/) 
Mf 


‘li ! 


Y 


My} 
ae 
\ 


y 


jninony /) 


MMI 
} \ TT 
I) Hy} ] 7 \ i | 
My 
} 
) 


aN 
y q 


ay : | | 
} i] / 


\ 


Number theory 


i 


j 


r Th 
— @ 
a ; 5 
g & 2 .& : 
a FF c'y 
o.hUF 0.4 6 
FL 4 a (¥) 
U os 
“ <= 
N 
wn 
= 


* See, 

-_ 
——— 

—~_— 


i nal >, > ms \" 


OE ng ST a eR, SEE Sn 0 9 ce Re aT ie Mig II 


‘ , . 
‘ i » & 
iat eye 
= Ls ie ; 
> . ca J 
7: 5 nd } i 7 #, 
ie, ‘ 
a ( 
[ : * - satiate is " m, ‘ + 2 
ae . 

. we ig a ( 

‘iy cee : Sar h \ 

, rf L 
° _ c 2 4 j 
: ‘ , es . ry 
1 7 
. H : 
. i 
|} 2 
a - 


MS221 Chapter D2 


BLOCK D 
STRUCTURE IN MATHEMATICS 


Number theory 


<2. 
~ 
ws 


oring 


8 
: 
XY 
= 
° 
= 


Exp 


Prepared by the course team 


About this course 


This course, MS221 Exploring Mathematics, and the courses MU120 Open 
Mathematics and MST121 Using Mathematics provide a flexible means of entry 
to university-level mathematics. Further details may be obtained from the 
address below. 


MS221 uses the software program Mathcad (MathSoft, Inc.) to investigate 
mathematical concepts and as a tool in problem solving. This software is 
provided as part of the course. 


This publication forms part of an Open University course. Details of this and 
other Open University courses can be obtained from the Course Information and 
Advice Centre, PO Box 724, The Open University, Milton Keynes, MK7 6ZS, 
United Kingdom: tel. +44 (0)1908 653231, e-mail general-enquiries@open.ac.uk 


Alternatively, you may visit the Open University website at 
http: //www.open.ac.uk where you can learn more about the wide range of 
courses and packs offered at all levels by The Open University. 


To purchase a selection of Open University course materials, visit the webshop 
at www.ouw.co.uk, or contact Open University Worldwide, Michael Young 
Building, Walton Hall, Milton Keynes, MK7 6AA, United Kingdom, for a 
brochure: tel. +44 (0)1908 858785, fax +44 (0)1908 858787, e-mail 
ouwenq@open.ac.uk 


The Open University, Walton Hall, Milton Keynes, MK7 6AA. 
First published 1997. Second edition 2004. 
Copyright © 2004 The Open University 


All rights reserved; no part of this publication may be reproduced, stored in a 
retrieval system, transmitted or utilised in any form or by any means, electronic, 
mechanical, photocopying, recording or otherwise, without written permission from 
the publisher or a licence from the Copyright Licensing Agency Ltd. Details of such 
licences (for reprographic reproduction) may be obtained from the Copyright 
Licensing Agency Ltd, 90 Tottenham Court Road, London W1T 4LP. 


Open University course materials may also be made available in electronic formats 
for use by students of the University. All rights, including copyright and related 
rights and database rights, in electronic course materials and their contents are 
owned by or licensed to The Open University, or otherwise used by The Open 
University as permitted by applicable law. 


In using electronic course materials and their contents you agree that your use will 
be solely for the purposes of following an Open University course of study or 
otherwise as licensed by The Open University or its assigns. 


Except as permitted above you undertake not to copy, store in any medium 
(including electronic storage or use in a website), distribute, transmit or re-transmit, 
broadcast, modify or show in public such electronic materials in whole or in part 
without the prior written consent of The Open University or in accordance with the 
Copyright, Designs and Patents Act 1988. 


Edited, designed and typeset by The Open University, using the Open University 
TRX System. 


Printed and bound in the United Kingdom by The Charlesworth Group, 
Huddersfield. 


ISBN 0 7492 6653 8 
Fg | 


Contents 


Study guide 
Introduction 


1 Congruence 
1.1 Division 
1.2 Congruences and their properties 
1.3 Repeated squaring 
2  Divisibility tests 
2.1 Division by 3, 9 and 11 
2 tervision by 2, 4,%, ... 
2.3. Division by 6 and 12 
2.4 Division by 7 and 13 


3 Modular arithmetic 
3.1 Modular addition and multiplication 
3.2 Multiplicative inverses 
3.3 Fermat’s Little Theorem 
3.4 Fermat’s legacy 
4 Cryptography 
4.1 Additive ciphers and multiplicative ciphers 
4.2. Exponential ciphers and RSA ciphers 
5 Number theory and Mathcad 
Summary of Chapter D2 
Learning outcomes 
Solutions to Activities 
Solutions to Exercises 


Index 


CONN ot ® 


i 


15 
15 
We 
17 
18 


Pa 
ps 
23 
vi 
30 
32 
32 
30 
AO 
Al 
4] 
42 
A5 


AS 


Study guide 


This chapter is best studied in the following four 
sessions. 


Study session 1: Sections 1 and 2. 
Study session 2: Section 3. 
Study session 3: Section 4. 
Study session 4: Section 5. 


The first two sessions are longer than the other 
two, the last of which is based on Mathcad. 
Subsection 3.4 will not be assessed. 


If you prefer a short first session, then note that 
Section 2 may be studied at any time after 
Section 1. Also note that, although the Mathcad 
activities have been presented at the end of the 
chapter, there are margin notes throughout the 
earlier sections suggesting other appropriate 
points at which to try them. 


Throughout this chapter there is a lot of 
arithmetic for you to do and for you to check (if 
you wish to). So make sure that your calculator is 
to hand whenever you work on the chapter. Of 
course, you may prefer to do arithmetic with the 
aid of Mathcad (when this is convenient). 


This chapter contains a number of formally stated 
results and their proofs. It is not intended that 
you should be able to construct such proofs for 
yourself, but you should aim to work through as 
many as you can. Make a serious effort to 
understand each proof, but do so within a 
timetable which ensures that you complete your 
study of the chapter in a reasonable time. 


The optional Video Band D(iii), Algebra 
workout — Modular arithmetic, could be 


viewed at any stage during your study of 
this chapter. 


Introduction 


In this chapter we return to basics and look more closely at the positive 
integers 1,2,3,..., and their properties. The careful study of these 
numbers goes back at least to the Ancient Babylonians who knew, for 
example, how to find triples of positive integers x, y and z, such that 

go? ty? = 2. 
But it was the Ancient Greeks who made the first serious development of 
what is now called number theory. For example, Euclid studied the prime 
numbers 


eos. 7 71-43, 17, 19, 23, 29. 3-87.41... 


those positive integers which cannot be expressed as a product of smaller 
factors and showed, by an ingenious argument, that there are infinitely 
many such numbers. On the other hand, Euclid seems to have taken for 
granted that every positive integer greater than 1 has a unique prime 


factorisation; that is, it can be expressed as a product of prime numbers in 


only one way (apart from the order of the prime numbers). Though true, 
this fact is not at all obvious! 


After the Ancient Greeks, there was little work done on number theory in 
the western world until the 17th Century when the French amateur 
mathematician P. de Fermat took up the subject and discovered many 
results which now form its foundations. Unfortunately, Fermat published 
few proofs and it was left to his successors, L. Euler and C. F. Gauss, to 
establish these foundations securely, and develop the subject further. 
However, Fermat’s influence continues to be felt, partly because he left 
later generations of mathematicians one of their most challenging 
problems: 


Do there exist positive integers x, y, z and n, with n > 3, such that 
ty =2 
This was finally answered in 1994, after many earlier attempts. 


Number theory abounds with tantalising problems of this type, which are 
studied for their own intrinsic interest, with no view to applications. This 


does not mean that the subject is without applications, though the English 


mathematician G. H. Hardy clearly felt that there were none when he 
wrote: 


If the theory of numbers could be employed for any practical and 
obviously honourable purpose, if it could be turned directly to the 
furtherance of human happiness or the relief of human suffering, as 
physiology and even chemistry can, then surely neither Gauss nor any 
other mathematician would be so foolish as to decry or regret such 
applications. But science works for evil as well as for good (and 
particularly, of course, in time of war); and both Gauss and lesser 
mathematicians may be justified in rejoicing that there is one science 
at any rate, and that their own, whose very remoteness from ordinary 
human activities should keep it gentle and clean. 


In this chapter you will meet some of the basic techniques used in number 


theory. In particular you will encounter a theorem of Fermat’s about prime 


numbers which Hardy would have regarded as elegant but essentially 


For example, 

Poe =o" 
and 

5? + 12% = 137. 


It is conventional not to 
include 1 as a prime number. 


For example, Gauss was the 
first to publish a proof of the 
above result on unique prime 
factorisation. 


See Subsection 3.4. 


From Hardy, G. H. (1940) 
A Mathematician’s Apology, 
Cambridge, Cambridge 
University Press. 


CHAPTER D2) NUMBER THEORY 


trivial, and you will see that this ‘trivial’ theorem has turned out to have 
fundamental applications in the very practical area of cryptography! 


In order to feel confident about the truth of such theorems and their 
applications, it is essential that clear reasoning is used to justify them. 
You will find that this chapter includes a larger number of results and 
their proofs than earlier ones, and this makes it somewhat more abstract. 


The results in the chapter have been labelled with the usual names found 
in mathematics texts: 


© atheorem is a key result, or list of key results; 
© a lemma is a minor result, usually preparing the way for a theorem; 


© acorollary is a straightforward consequence of a theorem, often a 
special case of it. : 


Strictly speaking, there is no formal difference between these types of 
results — they could all be called theorems. The names have been chosen 
to give some indication of the relationship between, and relative 
importance of, the results. They might have been chosen differently by a 
different author. 


Finally, note that in this chapter we shall not discuss the general topic of 
‘methods of proof’. This will be tackled in Chapter D4. 


1 Congruence 


1.1 Division 


At an early age we learn how to divide one positive integer by another to 
obtain a quotient and a remainder. For example, 32 divided by 5 gives 
quotient 6 and remainder 2, because 32 = 6 x 5+ 2. In general, if we 
divide any positive integer by 5, then the remainder will be one of the 
numbers 0, 1, 2, 3, 4. 


Occasionally, we shall need to divide a negative integer by a positive 
integer. You might guess that, since —32 = —6 x 5 — 2, the quotient would 
be —6 and the remainder —2. However, when studying the properties of 
integers it is more convenient to insist that the remainder on division by 5 
is always one of the numbers 0, 1, 2, 3, 4. With this preference in mind, we 
can write 


—32= -7x5+4+3 
to give the quotient —7 and remainder 3. 


Experience with long division suggests that a division process of this type 
can be carried out for any given integer a and positive integer n. Since this 
is so important in what follows, we state it as our first theorem. 


Theorem 1.1 Division Algorithm Strictly speaking, this 
theorem is not an algorithm, 
but ‘Division Algorithm’ is 
the traditional name for it. 


Let a and n be integers, with n positive. Then there are unique 


integers g and r such that 


c=—m+r, wih O< r <n. 


The number g is called the quotient and r is called the remainder, on 
division by n. If r = 0, then we say that a is divisible by n, and in this 
case n is called a divisor or factor of a. 


To see why this theorem is true, we mark the (integer) multiples of n on a __In this chapter a multiple is 
number line and then observe in which of the resulting intervals of length always an integer multiple. 
n the integer a lies. Let a lie in the interval from qn to (¢+1)n, as in 


Figure 1.1. 
a-—qn=r 
o> 
a 
— | | | ee 
—2n —n 0 n 2n ———— (qt+1)n 
Figure 1.1 


This picture should convince you that there is a unique integer gq such that 
gies @<.(q+ 1)n. (ick 


Thus, if we put r=a-—qn, thena=qn+rand0<r<vn. This is the 
required result. 


Theorem 1.1 describes what we shall mean by division of an integer a by a 
positive integer n. If a happens to be positive, then the quotient gq and 


Here floor(z) is the greatest 
integer which is less than or 
equal to x. In most 
mathematics texts, this 
function is denoted by [z]. 


We have r = a — qn. 


CHAPTER D2) NUMBER THEORY 


remainder r can be found by long division. When working with a_ 
calculator, however, it is convenient to rewrite (1.1) in the form 


a 
q< _ <q+1, which implies that gq= floor (“ ) ; 
n 


For example, if a = 1000 and n = 13, then 


q= floor (E™) = Hoort76.92 ...) = 76, 
SO 
r = 1000 — 76 x 13 = 1000 — 988 = 12. 
This method also works if a is negative. For example, if a = —1000 and 
n = 13, then 
i= floor(——™ ) = floor(—76.92...) = —77, 
SO 


r = —1000 — (—77) x 13 = —1000 + 1001 = 1. 


Activity 1.1 Practising division 


For each of the following integers a and n, find the quotient and remainder 
on division of a by n. 


ewe fe 
(b) a= —100, n= 11 
(c) a = 987654321, n =8 


Solutions are given on page 42. 


Activity 1.2 Sharing remainders 


Draw a number line and mark on it all the integers between —9 and 9 
which give remainder 1 on division by 3. What pattern do you notice? 


Comment 


—~§ -8 -7f —6 -5 =4 =3 -7 -I 0 1-2 3 42 5 6 * FY 
Figure 1.2 


These numbers are evenly spaced, their differences being multiples of 3. 
Notice that they include 1, since 1=0x3+1. 


1.2 Congruences and their properties 


Suppose that n is a positive integer. The outcome of Activity 1.2 suggests 
that the following assertions about two integers a and 6 are closely related: 


(1) a and b have the same remainder on division by n; 
(2) a and b differ by a multiple of n. 


SECTION 1 CONGRUENCE 


In fact these assertions are equivalent to each other, in the sense that if (1) 
is true then (2) is true and, conversely, if (2) is true then (1) is true. 


For example, suppose that (1) is true. Then, by the Division Algorithm, 
a=pn+r and b=qn+r, 

where p and g are quotients and r is the common remainder. Thus 
a—b=(pn+r)—(qn+r)=(p—q)n, 


so a and 6 do indeed differ by a multiple of n; that is, (2) is true. We now 
ask you to try and prove the converse result that if (2) is true then (1) is 
true. 


Activity 1 a2 proof 


Prove that if (2) is true, then (1) is true. 


(One approach is to assume that a has remainder r on division by n, and 
use the fact that a — b is a multiple of n to deduce that b also has 
remainder r on division by n.) 


A solution is given on page 42. 


Since integers with the same remainder on division by n are so closely 
related in this way, it is useful to introduce the following terminology and 
notation. This was invented by the great German mathematician 

C. F. Gauss and appeared in his book Disquisitiones Arithmeticae (1801), 
where he laid the foundations of modern number theory. 


Definition 


Let n be a positive integer. Two integers a and b are congruent 
modulo n if a— 6 is a multiple of n; that is, if a and b have the same 
remainder on division by n. 


In symbols we write 


a =b(mod n). We say ‘a is congruent to b 
modulo n’. 


Such a statement is called a congruence, and n is called the 
modulus of the congruence. You have seen other meanings 
for the word ‘modulus’ in this 


course. It is important to 


The word congruent means ‘the same’; two numbers which are congruent interpret technical terms 
modulo n are the same, apart from multiples of n. according to the current 
context. 
For example, 
3 = 25 (mod 11), since 3 — 25 = —22 is a multiple of 11, It is usually convenient to 


check a congruence by 
considering the difference 


7 = —26 (mod 11), since 7 — (—26) = 33 is a multiple of 11. a— b. 


and 


On the other hand, 12 and 8 are not congruent modulo 11, since 
12 —8 = 4 is not a multiple of 11. In this case, we write 12 4 8 (mod 11). 


10 


CHAPTER D2) NUMBER THEORY 


Activity 1.4 Checking congruences 


Decide which of the following congruences are true and which are false. 
(a) 7 =3 (mod 4) (b) 7 =3 (mod 8) (c) 5 = —3 (mod 4) 
(d) 63 = 63 (mod 37) (e) 35 = —9 (mod 4) (f) —9 = 35 (mod 4) 


Solutions are given on page 42. 


Comment 


Notice that changing the modulus of a congruence, as in parts (a) and (b), 
may affect the truth of the congruence. 


The examples in Activity 1.4 may have suggested to you that congruences 
have various general properties, and can even be combined in certain ways. 
For example, the congruences 


7 = 3 (mod 4), = -—3(mod 4), 35 = —9 (mod 4), 


suggest that two given congruences can be ‘multiplied’ to produce a new 
congruence. Our next theorem gives a list of such basic properties of 
congruences. 


Theorem 1.2 Properties of Congruences 
Let n and k be positive integers, and a, b, c, d be integers. Then 
a) (mod n); 
b) if a= b (mod n), then b = a (mod n); 
c) if a= b (mod n) and b=c (mod n), then a = c (mod n); 
d) if a = b (mod n) and c=d (mod n), then a+c=b+d (mod n); 
e) ifa=b (mod n) and c=d (mod n), then ac = bd (mod n); 
( 


f) ifa=b (mod n), then a* = b* (mod n). 


( 
( 
( 
( 
( 
( 


This list may look rather forbidding, but each of these six properties is 
quite simple. 


Properties (a), (b) and (c) are easy to prove; for example, the truth of 
property (c) is evident if it is rewritten as follows: if a and b have the same 
remainder on division by n, and b and c also have the same remainder on 
division by n, then this is also true of a and c. This property enables us to 
string together a list of congruences with the modulus at the end: 


a =b=c(mod n). 
To prove property (d), note that if a = b (mod n) and c=d (mod n), then 
a—b=kn and c—d=In, Sims 
for some integers k and /. Adding these two equations gives 
(a—b)+(c—d)=kn-+ In; 
that is, 
(a+c)—(b4+d) =(k+1)n, 
which implies that a+c=6+d (mod n), since k +1 is an integer. 


SECTION 1 CONGRUENCE 


Activity 1.5 Subtracting congruences 


Prove that if a = b (mod n) and c=d (mod n), then 
a—c=b-—d(modn). 


A solution is given on page 42. 


The proof of property (e) also follows from equations (1.2), by writing 
ac = (b+ kn)(d+ In) 
= bd+ n(kd + 1b + kin). 


Since kd +1b+ kin is an integer, this shows that ac — bd is a multiple of n, 
and hence that ac = bd (mod n). 


Finally, property (f) is proved by repeated application of property (e) with 
c=aandd=b. Since a= b (mod n), we deduce that 
a” = b’ (mod n) and hence a® = b® (mod n), 


and so on. Thus if a = 6 (mod n), then a* = b* (mod n), for all positive 
integers k. 


It is property (f) which shows how powerful this idea of congruence can be. 
For example, consider the congruence 


71 = —1 (mod 8). 


There is nothing remarkable about this congruence, but let us now apply 
property (f) to it, with k = 1000. We deduce that 


71°°° = (—1)"° (mod 8); that is, 71'°°° = 1 (mod 8), 
because 1000 is an even integer. Thus 71/0°° has remainder 1 on division 
by 8. 


The number 71/°°° is huge. It would be extremely difficult to determine its 
value and then discover its remainder on division by 8 directly. With 
property (f), however, we obtain the answer immediately. Moreover, we 
know that the remainder on division by 8 would still be 1 if we replaced 
1000 by 10000, or indeed by any even positive integer! 


Before offering you the chance to try your hand at finding remainders of 
these ‘high-powered’ numbers, we give a slightly more complicated 
example. In this example, we want to find the remainder when 3'°° is 
divided by 13. The approach we use is to calculate the remainders on 
division by 13 of the successive powers of 3, continuing until a repeating 
pattern emerges. 


We deal with the first few powers directly: 
3 = 3 (mod 13), 3° = 9 (mod 13), 3° = 27 = 1 (mod 13). 
Now, we repeatedly multiply by 3 and use property (e): 
3* = 3 (mod 13), 3° = 9 (mod 13), 3° =1 (mod 13). 
Thus, the remainders form the repeating sequence 3,9,1,3,9,1,..., with 


3° = 1 (mod 13), whenever k is a positive multiple of 3. 


Here we use 
2 


 =2 % a 
aX =ax a’ 
and so on. 


Certainly this number is too 
large for your calculator to 
handle. 


Althoigh.3* = 3,37 = 9 and 
3° = 27, it looks neater to use 
= when working with 
congruences. 


11 


You can check your answers 
to this activity by using the 
Mathcad file 221D2-01. 


See Activity 1.6(c). 


12 


CHAPTER D2 NUMBER THEORY 


Since 999 is a multiple of 3, 
3°°° = 1 (mod 13), 

and so 
3°9°° = 3 (mod 13). 


Hence, 310°? has remainder 3 on division by 13. 


Activity 1.6 Finding remainders by repeated multiplication 


Use repeated multiplication to find the remainder when 
(a) 2°° is divided by 7; 
(b) 4'°° is divided by 10; 
(c) 5*°° is divided by 7. 
Comment 
(a) 21 =2 (mod 7), 2? = 4 (mod 7), 2* = 8=1 (mod 7), so 
2" = 1 (mod 7), whenever k is a positive multiple of 3. 
Hence 2°° = 1 (mod 7) and so 
So x2 = 1 xX 4=a2fmod 7). 
Thus the remainder is 4. 
(b) 44 =4 (mod 10), 47 = 16 = 6 (mod 10), 4° = 24 = 4 (mod 10), so 
4" = 4 (mod 10), whenever k is an odd positive integer. 
Hence 4°? = 4 (mod 10) and so 
4*°° = 6 (mod 10). 
Thus the remainder is 6. 


(c) 51 =5 (mod 7), 5? = 25 = 4 (mod 7), 5° = 20 = 6 (mod 7), 
54 = 30 = 2 (mod 7), 5° = 10 = 3 (mod 7), 5° = 15 = 1 (mod 7), so 


5° = 1 (mod 7), whenever k is a positive multiple of 6. 
Hence 5°° = 1 (mod 7) and so 
5100 = 5° x 5* = 1 x 2 = 2 (mod 7). 


Thus the remainder is 2. 


In Activity 1.6(c) you may have begun to wonder whether the process of 
taking higher and higher powers will always lead to a repeating pattern of 
remainders. The answer to this question is ‘yes’. The remainders all belong 
to the same set of integers 0,1,2,...,2—1, where n is the modulus. So if 
we carry on calculating powers long enough, then eventually we obtain a 
remainder that was found earlier, and a repeating pattern must follow. 
Part (b) shows that remainder 1 does not always appear. 


The calculation of these remainders can usefully be arranged in a table of 
the following kind. 


It helps to spot repeating patterns by including the entries for k = 0. 


SECTION 1 CONGRUENCE 


Warning 


We have made repeated use in these calculations of the fact that 
congruences can be ‘multiplied’ by an integer; that is, if a = b (mod n), 
then ca = cb (mod n). 


This is a special case of Theorem 1.2, property (e). However, congruences 
cannot, in general, be ‘divided’ by an integer; a counter-example is 


10=6(mod 4) but 5 #3 (mod 4). 


1.3 Repeated squaring 


In some applications, we need to find remainders when much larger 
numbers are involved. For example, even to find the remainder of 14?’ on 
division by 55, involves calculating the following remainders. 

14* 
14* (mod 55) 


This calculation is evidently tedious, involving repeated multiplication by 
14 and then finding of remainders modulo 55. 


A more efficient method, especially for large numbers, uses the idea of 
repeated squaring. This enables us to calculate the remainders on division 
by bo eee 14, 14*,14°,.... 
14* = 14 (mod 55) 
147 = 196 = 31 (mod 55) 
14* = (147)? = 31? = 961 = 26 (mod 55) 
14° = (14*)? = 26” = 676 = 16 (mod 55) 
14*° = (14°)? = 16? = 256 = 36 (mod 55) 
Now, we can express 27 as the sum of powers of 2 as follows: 
ai =44-24+8 + 16: 
Thus 
a =10 x 12 x 14° 14" (mod 55) 
= 14 x 31 x 16 x 36 (mod 55) 
= 249 984 = 9 (mod 55). 
A given positive integer k can always be expressed as a sum of powers of 2, 


as follows. First find the largest power of 2, say 2”, which is less than or 
equal to k. Then 


=o” +s, where 0 < k' < 2”. 


Now repeat this process with k’ instead of k, and continue until the 
remainder term is 0 or 1. For example, k = 19 gives 


19 = 16+ 3, 
so k’ = 3 and 

ee Se 
Hence 


19=16+2-+1. 


A counter-example is an 
example which shows that an 
assertion is false. 


See Section 4. 


Alternatively, use 


14 x 31 = 49 (mod 55), 
49 x 16 = 14 (mod 55), 
14 x 36 = 9 (mod 55). 


13 


You can check your answer to 
this activity using the 
Mathcad file 221D2-01. 


See the solution to 
Activity 1.7. 


14 


CHAPTER D2 NUMBER THEORY 


Activity 1.7 Finding remainders by repeated squaring 


Use the method of repeated squaring to show that 
15’? = 25 (mod 55). 


A solution is given on page 42. 


The calculation of ‘repeated squares’ remainders can also be arranged in a 
table. 


ee 15! | 15? | £5* eee 
157° (mod 55).).15|) 5a Sie Lo es 


We shall find such tables useful in Section 4. 


Summary of Section 1 


In this section you have: 


© met the notion of congruence, which arises by considering remainders 
on division by positive integers; 


© seen how the rules for manipulating congruences make it possible to 
determine the remainders of large powers on division by positive 
integers. 


Exercises for Section 1 


Exercise 1.1 

Use repeated multiplication to find the remainder when 
(a) 4’ is divided by 11; 

(b) 8'° is divided by 25. 

Exercise 1.2 


Find the remainders in Exercise 1.1 using repeated squaring. 


2  Divisibility tests 


In his book Further Mathematical Diversions, Martin Gardner, the 
celebrated writer of popular mathematics, observed the following. 


A dollar bill that I have just taken from my wallet bears the serial 
number 61671142. A schoolboy could say at once that this number is 
exactly divisible by 2 but not by 5. Is it divisible |[...] by 3? By 4? 
By 11? Few people, including many mathematicians, know all the 
simple rules by which large numbers can be tested quickly for 
divisibility by numbers 1 through 12. The rules were widely known 
during the Renaissance, before the invention of decimals, because of 
their usefulness in reducing large-number fractions to lowest terms. 
Even today they are handy rules for anyone to know. 


In this section, we use congruences to discover simple rules for finding the 
remainders when a large number, such as 61671 142, is divided by any 
positive integer up to and including 13. It may already have occurred to 
you that such remainders can be found in a few steps using your 
calculator, but the rules given here can be used for much larger numbers 
(too large for the calculator to handle directly) should the need arise. 


These rules for finding remainders yield simple tests for diviszbility when 
used to check for remainder 0. 


2.1 Division by 3, 9 and 11 


A simple test for divisibility by 3 involves forming the sum of the digits of 
the given number. If the resulting digit sum has more than one digit, 
then the process is repeated until a single digit remains. The original 
number is divisible by 3 if and only if this single digit is divisible by 3. For 
example, with 61671142 the successive digit sums are 


6+14+64+7414+14+44+2=28, 2+8=10, 1+0=1. 
Since 1 is not divisible by 3, it follows that 61671 142 is not divisible by 3. 
Let us see why this test works. Consider a positive integer a with digits 
Qo (units), a, (tens), a» (hundreds), and so on. 
Thus 
G@ = a) + a; X 104+ ag x 10° +--+» +410”, 
where m+ 1 is the number of digits in a. 


Now we use the fact that 10 = 1 (mod 3) to deduce, by Theorem 1.2, 
property (f), that 


10'=1(mod 3), 10*=1(mod 3), 10° =1 (mod 3),.... (24) 
Next we use Theorem 1.2, properties (d) and (e), to deduce that 
a=ajta, x l+az,x1+---+4am Xx 1 (mod 3) 
=a) +a, + a2 +--+, (mod 3). 


Therefore, a and its digit sum have the same remainder on division by 3, 
as do all the successive digit sums. 


For example, the numbers 
its i442, 26, -10,.1 


all have remainder 1 on division by 3. 


For example, 61671142 = 
2+4x10+1x10°+--- 


ex 10°. 


15 


This 16 digit number is 


presented as you might see it 


on a credit card. 


Here 
r= 
10° 
iG = 


and so on. 


16 


1 (mod 11), 
—1 (mod 11), 
1 (mod 11), 


CHAPTER D2 NUMBER THEORY 


Activity 2.1 Division by 3 


Find the remainder when 


6341 7231 1083 2864 is divided by 3. 


Comment 


The successive digit sums are 59, 14, 5, and so the remainder on division 
by 3.16 2. 


You could have deduced the answer directly from the first digit sum, 59. 


Activity 2.2 Division by 9 
(a) Explain why the digit sum method described above also works for 
division by 9. 
(b) Find the remainder when 
6341 7231 1083 2864 is divided by 9. 


Comment 


(a) The digit sum method depends on congruences (2.1) and these 
congruences also hold modulo 9, because 10 = 1 (mod 9). Therefore 
the digit sum method works for division by 9. 


(b) Using the digit sums found in Activity 2.1, we find that the remainder 
on division by 9 is 5. 


The divisibility test for 11 is slightly different. It uses the fact that 
10 = —1 (mod 11), from which we deduce that 


10° = (—1)* (mod 11), “for k = 7,,2,..... 


Therefore, if 

dig ty ~A0-+ oe & 1074-4 + Haye 10", 
then 

a = dp — a, + Ag —--- + (— 1)”, (mod 11). 


Thus a has the same remainder on division by 11 as its alternating digit 
sum, which starts with the units digit. For example, with a = 61671 142, 
the alternating digit sum is 


2—-4+1=-1+ 7-64 1-62] 2 


Since —6 = 5 (mod 11), it follows that 61671142 gives remainder 5 on 
division by 11. 


Activity 2.3 Division by 11 


Find the remainder when 


6341 7231 1083 2864 is divided by 11. 


Comment 

The alternating digit sum is 
4 = GS — 2 S— 440 = 414 1 os ee See 
= 22—37 ==. 


SECTION 2 DIVISIBILITY TESTS 


Since —15 = 7 (mod 11), it follows that 6341 7231 1083 2864 gives 
remainder 7 on division by 11. 


Remark 


The number being tested may be so large that its alternating digit sum is 
again quite large. In this case, we can repeat the process of taking the 
alternating digit sum, as long as we remember to take account of any minus 
sign which appears. For example, in Activity 2.3 the alternating digit sum 
of —15 is —(5 — 1) = —4, which is indeed congruent to 7 modulo 11. 


2.2 Division by 2, 4, 8, ... 


Most people can recognise an even number by looking at its final digit, but 
rather fewer people can recognise one that is divisible by 4, in spite of the 
need to identify leap years. 


In fact, if 

Pa ee, < 10+. x 10° + --- +a, x 10”, 
then 

a= ag _ a, X 10 (mod A), 
since 107, 10°,..., are all divisible by 4. 
Therefore a has the same remainder on division by 4 as the number formed 
by its final two digits. For example, the number formed by the final two 
digits of 61671142 is 42, and so 61671142 has remainder 2 on division 


by 4. Similarly, we can find the remainder on division by 8 = 2°, by This approach extends to 


considering the number formed from the last three digits, and so on. division by 2* for each 
positive integer k because 10* 
is divisible by 2°. 
Activity 2.4 Division by 4 and 8 


Find the remainder when 


6341 7231 1083 2864 is divided (a) by 4 and (b) by 8. 


Comment 


(a) This number is congruent to 64 modulo 4, and so it is divisible by 4; 
hence the remainder is 0. 


(b) This number is congruent to 864 modulo 8, and so it is divisible by 8; 
hence the remainder is 0. 


You may like to check that this number is also divisible by 16 and 32, but 
not by 64. 


2.3 Division by 6 and 12 


To test a number for divisibility by 6, we simply apply the tests for 
divisibility by 2 and by 3, both of which must give the answer ‘yes’. ‘The 
actual remainder, rg say, on division by 6 can be deduced from the 
remainders rz and r3 obtained on division by 2 and by 3. One way to do 
this is to use the congruence 
Teg = 3r2 — 2r3 (mod 6). (2.2) We discuss why this 


congruence holds shortly. 


17 


18 


CHAPTER D2 NUMBER THEORY 


For example, we already know that 

61671142 = 0 (mod 2) and 61671 142 = 1 (mod 3), 
so rp = 0, r3 = 1. Hence © 

re = 3rq — 2r3 = —2 (mod 6), 
sorg= —2+6=4. 


A similar approach can be used to calculate the remainder rj on division 
by 12, given the remainders r3 and r, on division by 3 and 4. In this case 
we can use the congruence 


T12 = 4r3 — 3r4 (mod 12). (2.3) 
For example, since 61671142 = 1 (mod 3) and 61671142 = 2 (mod 4), 
112 = 4r3 — 3r, = —2 (mod 12), 
SO Tig = —2+12= 10. 


Activity 2.5 Division by 6 and 12 


Find the remainder when 


6341 7231 1083 2864 is divided (a) by 6 and (b) by 12. 


Solutions are given on page 42. 


Activity 2.6 Explanations 


Try to explain why the congruences (2.2) and (2.3) are true. 


Comment 


Suppose that a has remainder rz on division by 2 and remainder r3 on 
division by 3. This means that 


a = 2G9 + Fs and a= 393 + 173, 


where gq. and q3 are the respective quotients. We now manipulate these 
two equations to obtain a on the left-hand side and multiples of gz and q3 
which are divisible by 6 on the right-hand side: 
a = 3a — 2a 
= 3(2q2 + T2) — 2(3q3 + 73) 
= 6q2 = 6q3 + 392 ae 2r3. 
Thus a = 3r2 — 2r3 (mod 6), and so the remainder of a on division by 6 is 


congruent to 3r2 — 2r3 modulo 6. This justifies congruence (2.2). 


A similar reasoning justifies congruence (2.3). 


2.4 Division by 7 and 13 


There is no very simple rule for divisibility by 7 or by 13 but, for the sake 
of completeness, we include rules for these. ‘They are at least slightly 
quicker than long division. | 


SECTION 2. DIVISIBILITY TESTS 


Both rules depend on the intriguing factorisation 
Pat = x 11. x.32, 
which is the basis of various number tricks. Thus 
1000 = —1 (mod 7) and 1000 = —1 (mod 13). 
We shall consider division by 7 first. If 
an aw, x 10 + a> 10° +ag x 10° + a, « 10° +e x 1 +, 
then 
a = (ap +a, X 10+ a2 x 10”) + 10°(a3 + ay X 10+ a5 x 107) 
+ 10°(ag + a7 x 10+ ag x 107) +--- (mod 7). 
Using the fact that 1000 = —1 (mod 7), we obtain 
a = (ao + a, X 10 + a, x 107) — (ag + a4 X 10 + Gs Xx 10°) 
+ (ag + a7 X 10+ ag x 107) + --- (mod 7), 
which is an alternating sum of 3 digit numbers. 
So, if we 
© split a every 3 digits, starting from the right, 


© find the remainder of each 3 digit number on division by 7, Of course, the last number 
formed by the above splitting 
may have 1, 2 or 3 digits. For 
then the resulting number will be congruent to a modulo 7 (and much convenience, the phrase ‘3 
smaller than a). digit number’ is taken to 
apply also to the last number 
even if it has just 1 or 2 


61 | 671 | 142 digits. 
S| 6 } 2 {mod 7 


© form the alternating sum of these remainders, 


For example, if a = 61671142, then the remainders are as follows. 


| | | 142 = 2 (mod 7) 
The alternating sum of these remainders is 671 = 6 (mod 7) 


ee 61 = 5 (mod 7) 
and so a = 1 (mod 7). Hence the remainder of a on division by 7 is 1. 


Exactly the same rule can be used for division by 13, provided that the 
remainders are calculated after division by 13. For example, if 
a = 61671142, then the remainders are 


61 | 671 | 142 
9} 8 | 12 (mod 13) 


and their alternating sum is 
12-—8+9=158. 


Hence 61671142 = 13 (mod 13) = 0 (mod 13), and so 61671 142 is 
divisible by 13, as you can readily check on a calculator. 


Activity 2.7 Division by 7 and 13 


Find the remainder when 


6341 7231 1083 2864 is divided (a) by 7 and (b) by 13. 


Solutions are given on page 42. 


19 


20 


CHAPTER D2) NUMBER THEORY 


Summary of Section 2 


In this section you have seen various simple rules for finding the 
remainders on division of large numbers by small positive integers. 


Exercises for Section 2 


Exercise 2.1 
State simple rules for finding the remainder when a positive integer is 
divided by 2, 5 or 10. Explain why these rules hold. 
Exercise 2.2 
Find the remainders when 
5230 6120 0972 1753 
is divided by 
(a) 2, (b) 3, (ce) 4, (d) 5, (e) 6, (1) 7, fey, tS, fi) 10, (j) 445 (k) 12. 


Exercise 2.3 
(a) A rule for finding the remainder r;4 when a positive integer a is divided 
by 14, given the remainders rz and r7 on division of a by 2 and 7, is 
Ty4 = Tre — 6r7 (mod 14). 
Explain why this congruence is true. 


(b) Use this rule to find the remainder when the integer in Exercise 2.2 is 
divided by 14. 


3 Modular arithmetic 


In this section we introduce a new kind of arithmetic, called modular 
arithmetic, and use this arithmetic to derive a remarkable technique for 
finding the remainder of a large power on division by a prime number. 


3.1 Modular addition and multiplication 


Let n be a positive integer. Every integer is congruent modulo n to exactly While reading this subsection 
one of the numbers 0,1,2,...,2—1, by the Division Algorithm, and so it you may find it useful to try 
is convenient to have a notation for this special set of numbers. The the Mathcad file 221D2-02. 
notation Z for the integers {0,+1,+2,...} has been adapted to give 

be— 40, tb, 2... >, — 1}. 
See aoeipie, 7, — {0,1} and Z7 = {0, 1, 2, ... , 6}. 
We perform modular arithmetic on Z, by using an addition operation +,, 
and a multiplication operation x,,, which are defined as follows. 


Definition 


For a and 6 in Z,,, the operations +,, and xX,, are defined by: 


a+, 6 is the remainder on division of a+ 6 by n; In words, a+, b is 


a X, 6 is the remainder on division of a x 6 by n. ‘a plus b modulo n’ 


and a x,, bis 
For example, 2 and 4 are both in Zs and ‘a times b modulo n’. 
2+4=6, so 24+;4=1, 
meas sO 2x, 4 =. 
Modular arithmetic should not be completely new to you, as we regularly 


use the operation + 12, for example, when measuring time. For this reason For example, 2 o’clock is 
modular arithmetic is sometimes called ‘clock arithmetic’. 4 hours after 10 o’clock. 


Activity 3.1 Modular arithmetic 


Evaluate the following. 
(a) 4 “x 4, a +6 4, 1 +9 a. = +9 8, 10 +12 4 
(b) 4 x; 4, 3 X@ 4, 1 X93, 7 X98, 10 X12 4 


Solutions are given on page 42. 


For small values of n, we can conveniently study addition in Z,, by 
constructing addition tables, as follows. 


+o} 01 
a ae | 
tit 


Zi 


In Chapter D1 you saw that 
addition and multiplication 
are commutative and 
associative on C. 
For example, 

2 Xs (3 X5 4) | 
and 


[2 X53) Ke 4 = 4. 


Pi: 


CHAPTER D2 NUMBER THEORY 


Activity 3.2 Patterns in the Z,, addition table 


(a) Construct the addition tables for Z; and Ze. 


(b) What patterns do you see in these and the earlier addition tables? Try 
to explain why these patterns occur. 


Solutions are given on page 43. 


In a similar way, we can construct multiplication tables for Z,,, but here 
the overall structure of the tables is more mysterious. 


Activity 3.3 Patterns in the Z,, multiplication table 


(a) Construct the multiplication tables for Z; and Ze. 


(b) What patterns do you see in these and the earlier multiplication 
tables? ‘ry to explain why these patterns occur. 


(c) Formulate a conjecture about which rows and columns of the 
multiplication table for Z,, include all the numbers from Z,,. 


(Hint: In answering this part, consider the factors of n and of the row 
or column number.) 


Solutions are given on page 43. 


In the solutions to Activities 3.2 and 3.3, we pointed out that, for all a and 
b-in Zn; 


a,b = }>-+, @- and-@ X,b=D x, a. 


These properties may be described by saying that the operations +, and 
x, are both commutative on the set Z,,. These operations are also 
associative on Z,,; that is, for all a, b and c in Z,, 


a+, (b+,c)=(a+,6)4+nce and ax, (bx, c) =(aX,b) Xne. 


These useful properties enable us to write sums a+, 0+, c+, -°:: and 
products a X, bX, CX, +--+ without the need for brackets. 


The proofs of these two associative properties are very similar. We invite 
you to discover the proof for +,, in the next activity. 


SECTION 3 MODULAR ARITHMETIC 


Activity 3.4 Proving associativity 


Prove that, for all a, b, c in Z,,, 
at, (b+nc) = (a+n 6) +, ¢. 


(Hint: Try to show that both sides of this equation are congruent 
modulo n toa+b6+c, using Theorem 1.2.) 


A solution is given on page 43. 


3.2 Multiplicative inverses 


A key question was considered in Activity 3.3: 


Which non-zero rows and columns of the multiplication table for Z,, 
include all numbers from Z,,? 


By inspecting several multiplication tables, we conjectured that the answer 
to this question has something to do with common factors. We say that 
two positive integers a and b have a common factor c if c is a factor of 
both a and b; that is, if c is a positive integer which divides exactly into a 
and b. For example, 


2 and 4 have common factors 1 and 2, 
4 and 15 have common factor 1, 
12 and 18 have common factors 1, 2, 3 and 6. 


Clearly, any two positive integers a and 6 will have c = 1 as a common 
factor. If their only common factor is c = 1, then we say that a and 6 are 
coprime or, equivalently, that a is coprime with b. For example, 4 and 
15 are coprime, but 12 and 18 are not. 


It appears that row a of the multiplication table for Z,, includes all 
numbers in Z,, if and only if a and n are coprime. We shall prove that this 
conjecture is true, but first we ask you to practise finding common factors. 


Activity 3.5 Finding common factors 


(a) Which non-zero numbers in Zy are coprime with 9? 


(b) Check that only the corresponding rows of the multiplication table for 
Z., include the whole of Zo. 


Solutions are given on page 43. 


In all the multiplication tables for Z,, that we have considered, the 
appearance of the number 1 in a given row seems to indicate that the row 
includes all numbers in Z,,. We now establish this property. 


Lemma 3.1 


If 1 appears in a row of the multiplication table for Z,, then each 
number in Z,, occurs exactly once in that row. 


ee eee ~~ FE 1 


While reading this subsection 
you may find it useful to try 
the Mathcad file 221D2-02. 


The following discussion is in 
terms of rows, but it applies 
equally well to columns. 


See pages 22 and 43. 


23 


We say ‘the’ multiplicative 
inverse because, as you will 


see, there can be at most one. 


24 


CHAPIER D2 NUMBER THEORY 


Suppose that 1 does appear in row a, say, of the multiplication table for 
Z,,. This means that there is a number 0 in Z,, such that a x, b= 1. 


Now, suppose that c is any member of Z,,. Then 
(aX, 0) % fete Se, 

so, by the associativity of the operation x,, 
ON 1h hey Se. 


This shows that c lies in column 6 x,, c of row a. Hence, since c is any 
member of Z,,, row a must include the whole of Z,,. Moreover, since Z,, has 
nm members and row a has n entries, each member of Z,, occurs exactly 
once in row a. This proves Lemma 3.1. 


Because Lemma 3.1 shows that the number 1 is of such significance in the 
multiplication table for Z,,, we introduce the following definition. 


Definition 


Let n, a and 6 be positive integers with a and b in Z,,, and suppose 
that a x, b= 1. Then 6 is the multiplicative inverse of a in Z,,. 


For example, 8 has multiplicative inverse 5 in Z,3 because 8 X13 5 = 1, and 
5 has multiplicative inverse 2 in Zg because 5 X9g 2 = 1. On the other hand, 
6 has no multiplicative inverse in Zy (see row 6 of the table in the solution 
to Activity 3.5). 


We can use Lemma 3.1 to show that if a has a multiplicative inverse, then 
that multiplicative inverse is unique. If a has a multiplicative inverse, then 
1 lies in row a. Hence, by Lemma 3.1, each member of Z,, appears exactly 
once in that row. In particular, 1 appears exactly once in row a, and the 
number at the top of the corresponding column is the multiplicative 
inverse of a. 


We now describe a method of finding multiplicative inverses, when they 
exist. For small values of n, they can be found by trial and error, or by 
consulting the multiplication table for Z,, if that is available. However, as 
n increases in size, the following method becomes much more efficient. It is 
known as Euclid’s Algorithm, and was described in Euclid’s Elements, 
which dates from around 300 BC. 


Suppose, for example, that we wish to find the multiplicative inverse of 9 
in Z55; that is, we seek a number b in Zo, such that 9 x2, b = 1, or, 
equivalently, such that 


9b=25k+1, for some integer k. io. 1) 


We apply the Division Algorithm (Theorem 1.1) repeatedly, first dividing 
25 by 9: 


25 = 2 «OF 
9=1x7+2 (3.2) 
123% 2+1 


ties 


At each step we divide the divider in the row above by the remainder in the 
row above, repeating the process until we reach a remainder of 0 (which 
must occur, because the remainders decrease by at least one at each step). 


SECTION 3 MODULAR ARITHMETIC 


We can use the equations (3.2) to find integers b and k which satisfy 
equation (3.1). To do this, we rearrange the first three of equations (3.2) 
and put them in reverse order, as follows: 

1=7-3x2 

ae Rae SS 

i =2Zs—2 X 9. 
We now eliminate multiples of 2 and 7 by successive substitutions, as 
follows: 

i= 7 —3x* 2 

= 7—3(9-1x 7) 

3 XRT | Note that the numbers to be 
= —-3x 9+ 4(25 —2 x 9) substituted have been kept to 
=4% 25-11 x9. —— 


To obtain an equation in the form of (3.1), we rearrange this equation as 
follows: 3 


9 x (—11) = 25 x (—4) +1. a8) 
Thus equation (3.1) holds with 6 = —11 and k = —4. 


The problem with this solution is that b = —11 does not belong to Zys. 
However, it follows from equation (3.3) that 


9 x (—11) = 1 (mod 25), 
and since —11 = 14 (mod 25), we obtain 


9 x 14=1 (mod 25). 


Hence b = 14 is the multiplicative inverse of 9 in Zs. As a check: 
Oo =x 14 = 126 
Activity 3.6 Finding multiplicative inverses =5x25+1. 


Use Euclid’s Algorithm to find: 
(a) the multiplicative inverse of 7 in Zy9; 
(b) the multiplicative inverse of 9 in Zo¢. 


Solutions are given on page 43. 


The above examples indicate that we can find a multiplicative inverse 
whenever repeated use of the Division Algorithm produces a remainder of 
1 at the penultimate step. We now show that the remainder 1 will occur 
whenever a and n are coprime. Indeed, if we try to use Euclid’s Algorithm 
to find the multiplicative inverse of a in Z,,, then it takes the following 


form: 
n=qatni, a 6, 
a=@M1+172; C= < Ti, 
My Fiat Ts, Oe Pack Ras 


P'm—-2 = Imhm-1 + lms O< lat <4 at; 
Pm—-1 = Im4+ilm + 0, 


where m is a positive integer. As noted earlier, the remainders r,,7r2,..., 
decrease by at least one at each step, so they must eventually reach 0. 


20 


If n and a are not coprime, 
then the remainder r,,, in 
Euclid’s Algorithm is the 
highest common factor of n 
and a. 


This theorem also holds if 
‘row’ is replaced by ‘column’. 


For example, see the 
multiplication table for Zs in 
the solution to Activity 3.3. 


26 


CHAPTER D2 NUMBER THEORY 


The final equation shows that r,, is a factor of r,,_;, and then the 
penultimate equation shows that r,, is also a factor of r,,_2. Continuing in 
this way, we find that r,, is a factor of all the remainders, and so of both a 
and n. Since a and n were assumed to be coprime, we deduce that r,, = 1. 
Therefore, the penultimate equation has remainder 1, just as we hoped. 


This reasoning shows that if a and n are coprime, then a does have a 
multiplicative inverse in Z,,. Therefore, we have proved part of the 
following theorem, which answers the conjecture formulated in 
Activity 3.3(c). 


Theorem 3.1 


Let n and a be positive integers, with a in Z,,. The following three 
statements are equivalent: 


(a) a and n are coprime; 
(b) a has a multiplicative inverse in Z,,; 


(c) row a of the multiplication table for Z,, includes all of Z,,. 


To say that these three statements are ‘equivalent’ means that if any one 
of the statements is true, then the other two statements are also true. 


We have just proved using Euclid’s Algorithm that if statement (a) is true, 
then statement (b) is true. We also know that if statement (b) is true, 
then statement (c) is true, by Lemma 3.1. Thus to conclude that all three 
statements are equivalent, we only need to show that if statement (c) is 
true, then statement (a) is true. 


But if row a includes all members of Z,,, then this row certainly includes 1, 
so a has multiplicative inverse, b say: 


ax, b= 
that is, ab = 1 (mod n), and so 
ab=kn+1, 


for some integer k. But this last equation implies that a and n are 
coprime, because any common factor of a and n must also be a factor of 1. 
Thus a and n are coprime, so the proof of Theorem 3.1 is complete. 


The following result follows easily from Theorem 3.1. 


Corollary 3.1 


Let p be a prime number. Then each non-zero row of the 
multiplication table for Z, includes the whole of Z,. 


Corollary 3.1 holds because if p is prime, then any positive integer a in Z, 
has no common factor with p which is greater than 1. Indeed, p has no 
factors other than 1 and p. 


This corollary will have a key role to play shortly in a remarkable result 
about remainders of powers. First, however, we briefly mention the 
relevance of Theorem 3.1 to star polygons. These figures are obtained by 
placing n points evenly around a circle and joining successive pairs of 
points which are a points apart on the circle, where 1 < a < n— 1 (see 
Figure 3.1). If a= 1 or a=n-—1, we obtain an ordinary polygon. 


SECTION 3 MODULAR ARITHMETIC 


19, 6 =o 
Figure 3.1 Two star polygons 


If we label the points 0,1,2,...,2—1, as in the diagrams, and call the 
sequence of points visited on the star polygon 19, %1,...,2%n»_1, where 
Ly = 0, then 


ty =ka(modn), fork =0,1,2,...,n—1. ifn =5 and a = 2, then 


Therefore, the sequence 29, 2%1,...,£n_1 1S identical to the sequence of ro = 0, 
entries in row a of the multiplication table for Z,. Theorem 3.1 implies 2, = 2, 
that the star polygon passes through all n points on the circle if and only —_" 
if a and n are coprime, as in the two diagrams above. You may like to 


, , L3 = :: 
experiment to see what happens when a and n are not coprime. 


ae eS. 


3.3 Fermat’s Little Theorem 


Pierre de Fermat (1601-1665) was a lawyer in the French city of Toulouse, 
who became interested in mathematics. Though only an amateur 
mathematician, he made contributions to number theory that have placed 
him amongst the ‘all-time greats’ of the subject. 


Fermat did not record his results and proofs systematically, but 
communicated them by letters to his friends and scribbled them in the 
margins of his mathematics books. The result we shall now describe was 
sent by Fermat in 1640 to an acquaintance with the comment ‘I’d send you 
the proof, but I fear that it is too long’. In fact, a proof of the result was 
first published by Euler 100 years later. 


Theorem 3.2 Fermat’s Little Theorem Fermat’s Little Theorem is 
often stated with the 


conclusion 


Let p be a prime number, and let a be a positive integer which is not 


a multiple of p. Then 


a®-* = 1 (mod p). a’ = a (mod p), 


which holds even if a is a 
multiple of p. 

This result certainly counts amongst the gems of mathematics, for it is 

easy to state, needs very little prior knowledge to understand, is by no 

means obvious and yet has a short elegant proof (as you will see). 


It has an important application to finding remainders of powers modulo p, 
where p is a prime number. For example, in Activity 1.6(c), you found that 


5° = 1 (mod 7), 


ZA 


CHAPTER D2 NUMBER THEORY 


by calculating the successive powers of 5 modulo 7. However, this 
congruence follows immediately from Fermat’s Little Theorem, by taking 
p= 7 anda=5. More generally: 
1®=1(mod 7), 2°=1(mod7), 3° =1 (mod 7), 
Of course, 7° = 0 (mod 7). 4° =1(mod 7), 5°=1(mod7), 6° =1 (mod 7), 
8° =1(mod 7), 9°=1(mod 7), 10° =1 (mod 7), 


and so on. 


Activity 3.7 Using Fermat's Little Theorem 


Use Fermat’s Little Theorem to find the remainders when 
(a) 31° is divided by 19; 

(b) 3°° is divided by 19; 

(c) 16'° is divided by 11. 

(In part (b), it helps to note that 55 = 3 x 18+ 1.) 


Solutions are given on page 44. 


Remark 


Before applying Fermat’s Little Theorem, we need to be sure that the 
number p is prime. We can easily compile a list of the prime numbers up 
to, say, 100 by inspection: 


2,3, 5,7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97. 


The obvious way to check whether a larger number, such as 10001, is 
prime is to check it for divisibility by the primes 2,3,5, and so on. But 
how many primes do we need to try? In fact, we need only try the primes 
up to floor(./10001) = 100, because if 10001 is not prime, then it will have 
at least two factors, which cannot both be strictly greater than 10001. 
Thus, we need only try the primes on the above list. It turns out that 
10001 = 73 * laf, 80.16 is not prime. 


The above list is also long enough to check whether 10007 is prime, since 
floor(./10 007) = 100; this time it turns out that the number is prime. 


In general, given a positive integer n, we need only test n for divisibility by 
prime numbers up to floor(,/n) in order to check whether or not n is prime. 


There are several ways to prove Fermat’s Little Theorem, but perhaps the 
most elegant uses Corollary 3.1. Suppose first that a is a non-zero member 
of Z,. Then, by Corollary 3.1, row a of the multiplication table for Z, 
includes all of Z,,. 


The bottom right entry in the 
table is 1 because 
(p—1)? =p*—2p+1 
= 1 (mod p). 


28 


SECTION 3 MODULAR ARITHMETIC 


Therefore, the non-zero members of row a of this table are just the 
numbers 


ie (3.4) 


in some order. Because this is a multiplication table, these numbers are 
the remainders on division by p of the products 


a,2a,...,(p—1)a. (3.5) 


Therefore, the product of the p — 1 numbers in (3.5) is congruent modulo p 
to the product of the p — 1 numbers in (3.4): 


ax 2ax---x (p-—l)a=1x2x--- x (p—1) (mod p). 
This congruence can be rewritten as 
a?~"(p — 1)! = (p— 1)! (mod p), 
and then again as 
(a?~* — 1)(p — 1)! is divisible by p. 
Now p is not a factor of (p — 1)!, because p is prime, so we deduce that p is 
a factor of a?-1 — 1. Thus See Remark 1 after this proof, 
ee eke for a justification of this step. 
This is the required result for a in Z,, a £ 0. 


Finally, suppose that a is any positive integer which is not a multiple of p. 
Then 6, the remainder on division of a by p, satisfies 0 < b < p, because a 
is not a multiple of p. Hence, by the first part of the proof, 


bP-* =1(mod p) so a?-'=b?-'=1 (mod p), 


since a = b (mod p). Thus the proof is complete. 


Remarks 
1. In the proof we used the fact that if a product ry has a prime factor p, This is also the key fact 
then at least one of x,y must have factor p. This is not quite so needed to prove uniqueness of 
obvious as it may seem, but can be proved as follows. prime factorisation; see the 
Introduction. 


Suppose that p is a factor of xy but p is not a factor of y. Then the 
remainder r of y on division by p is non-zero. Since p is prime, r has 
multiplicative inverse, z say, in Z,; that is, 


rz =1(mod p), so yz = 1 (mod p). 
Hence x«(yz) = x (mod p), and so x must have a factor p, because 
x(yz) = (xy)z does. 

2. It is possible that a smaller power of a than p— 1 may be congruent to 
1 modulo p. For example, if a = 2 and p= 7, then, by Fermat’s Little 
Theorem, 2° = 1 (mod 7). In this case, however, the power 6 is not the 
smallest possible since 2° = 1 (mod 7) also. 

3. Ifa is a non-zero number in Z,, where p is prime, then by Fermat’s 
Little Theorem, 


ax a?-? =a?-* =1 (mod p). 
Thus the multiplicative inverse 6 of a satisfies 
b =a”~* (mod p). 


Even for large p, this formula is quite a good way to find the 
multiplicative inverse of a in Z,, as long as repeated squaring is used. 


Pay 


This subsection will not be 
assessed. 


For example, 


29 = 274 57. 


For example, 


27° +1 = 257 (a prime). 


The Greek mathematician 
Diophantus is believed to 
have lived around 250 AD, in 
Alexandria. His book 
Arithmetica, a collection of 
problems whose solutions are 
positive integers, had great 
influence in later centuries. 


Elliptic curves have equations 
of the form 


yi =a2°+an*?+br4+e. 


They are not ellipses, but 
they are related to ellipses. 


30 


CHAPTER D2 NUMBER THEORY 


3.4 Fermat’s legacy 


We end this section with some remarks about Fermat’s other work. 


In a letter to a colleague in 1650 he summarised ‘le compte de mes reveries 
sur le sujet des nombres’ (‘the account of my musing on the subject of 
numbers’). Amongst many results, which he stated without proof, were 
the following. 


(1) Every prime number of the form 4n + 1 can be written in a unique way 
as the sum of two squares. 


(2) The equation x* + y® = z° has no solution in positive integers. 
(3) Every integer of the form 2?) + 1 is prime. 


Fermat also described his ‘method of infinite descent’ for proving results of 
this type about positive integers. His idea was to show that if one 
counter-example to the result exists, then there must exist a second 
smaller counter-example, and hence a third yet smaller, and so on. As 
there cannot be infinitely many smaller counter-examples, the original 
counter-example could not have existed. 


It is quite possible that Fermat did prove (1) and (2) by his method, 
but (3) was shown to be false by Euler who found the counter-example 


2? + 1 = 4294 967 297 = 641 x 6 700417. 


Another assertion made by Fermat was that each of the equations 


1 


go? 4g” = 2 5 wee 


has no solution in positive integers. This assertion was written in his copy 
of Diophantus’ Arithmetica. Fermat wrote that he had a truly wonderful 
proof, but the margin was too narrow to contain it. 


During the 18th, 19th and 20th centuries, Fermat’s Last Theorem, as 
his assertion came to be called, acquired increasing celebrity as a succession 
of eminent professional mathematicians tried and failed to solve it. Much 
useful number theory was discovered in the process, but the original 
problem remained stubbornly resistant. When a large prize was offered for 
a solution in 1908, many amateur mathematicians took an interest and the 
professionals have been inundated with alleged proofs ever since. 


Fermat’s Last Theorem was finally proved in 1994. The proof can be said 
to have begun in 1985 when a German mathematician Gerhard Frey 
suggested a possible link between Fermat’s Last Theorem and a conjecture 
about so-called elliptic curves, made by the Japanese mathematicians 
Yutaka Taniyama and Goro Shimura in the 1950s and 1960s. In 1986, the 
American mathematician Kenneth Ribet showed that this conjecture does 
indeed imply Fermat’s Last Theorem. 


At this point, Andrew Wiles, an English mathematician who had trained 
at Cambridge but worked in the United States, decided to try and prove 
the Shimura—Taniyama conjecture. After seven years working in secret, he 
announced, during a lecture in Cambridge in June 1993, that he had 
proved a special case of the conjecture from which Fermat’s Last Theorem 
follows. This announcement made headlines in the world’s press, but a few 
months later a colleague found a gap in Wiles’ 200 page proof. Wiles spent 
a further agonising year working to fill the gap, first alone and later with 
Richard Taylor, an English mathematician then at Cambridge. In October 
1994, when many experts had begun to feel that the gap would not be 
filled, two manuscripts appeared, a long one by Wiles proving the special 
case of the Shimura—Taniyama conjecture (and thus Fermat’s Last 
Theorem) by a different method, and a short one by Taylor and Wiles, 


SECTION 3 MODULAR ARITHMETIC 


containing a key step needed in the long paper. These papers were 
published in the prestigious journal Annals of Mathematics, forming the 
entire content of its May 1995 issue. 


This proof of Fermat’s Last Theorem is remarkable in that it draws on 
many diverse and deep areas of modern mathematics, largely developed 
with different purposes in mind. Parts of the proof have already been 
simplified, but it is very unlikely that such simplification will ever result in 
a proof that Fermat himself could have devised! 


Summary of Section 3 


In this section you have met: 
© the operations +,, and x,, of modular arithmetic; 
© multiplicative inverses, found by Euclid’s Algorithm; 


© atheorem that states which members of Z,, have multiplicative 
inverses; 


© Fermat’s Little Theorem. 


Exercises for Section 3 


Exercise 3.1 


Use Euclid’s Algorithm to find the multiplicative inverses of 
(a) 13 in Z39; (b) 25 in Z3¢; (c) 13 in Zoo. 


Exercise 3.2 


Use Fermat’s Little Theorem to find the remainders when 
(a) 5°° is divided by 13; (b) 41* is divided by 19. 


31 


4 Cryptography 


When a sensitive message is transmitted, it is usually first transformed by 
applying a process called a cipher, in order that the message can be read 
only by those capable of reversing the cipher process. Such ciphers have 
been used throughout history for military and diplomatic communications, 
but in recent years they have been needed increasingly to protect 
electronic transfer of business information and money. 


Taken together these are The design of such ciphers is called cryptography and the process of 
called cryptology. breaking them is called cryptanalysis. 


In this section we give a very brief indication of how number theory has 
contributed to these important subjects. 


4.1 Additive ciphers and multiplicative ciphers 


We begin by defining some basic terms associated with cryptography. A 
message, also known as messagetext or plaintext, consists of a finite 
sequence of characters chosen from some finite set 22, such as the English 
alphabet. We define a cipher to be a function f with domain 22 and 
codomain 2, which is one-one and so has an inverse function f~* with 
domain 2. We also refer to f as a cipher on (1). To encipher a message 
we apply the function f to the characters of the message in turn; this 
produces the ciphertext. To decipher this ciphertext, we apply the 
inverse function f~'. 


For example, if 
R= Ae. eee 


then the following function f is one-one on (2. 


Aes i We Te 
flit ts 4 + + J 
DE PSS ne Se 


The function f transforms each letter to the one three places after it in the 
alphabet (with wrap-around), and f~* transforms each letter to the one 
three places before it (or, equivalently, 23 places after it). Thus f isa 
cipher, which enciphers the message ‘HAPPYNEWYEAR’ to give the 
ciphertext ‘KDSSBQHZBHDU’. It is called Caesar’s cipher, after a 
similar cipher used by Julius Caesar. 


In order to use modular arithmetic in the design of more sophisticated 
ciphers, we replace letters by numbers. In the English alphabet, it is 
convenient to replace the 26 letters by corresponding members of Zo as 
follows. 


AI\BICIDIE| FIGIAIT FZ LE| LI IMINO PIO RS | TU ViWas iis 
4/5|6/7]819/10]11]12]13}14/15]16]17)| 18] 19 | 20} 21 | 22 | 23 | 24) 25] O 


Written in Z5¢, the message ‘HAPPYNEWYEAR’ appears as the sequence: 


In this section, we use the (8, 1, 16, 16, 25, 14, 5, 23, 25, 5, 1, 18),> 
notation (---) for finite 
sequences of integers. 


a2 


SECTION 4 CRYPTOGRAPHY 


and Caesar’s cipher has rule 
f(m) = m +96 3, and f~*(c) = c +26 23. 


Note that throughout this section we use m for a term of the messagetext 
and c for a term of the ciphertext. 


Caesar’s cipher is one example of the family of additive ciphers on the 
set Z,,, defined as follows. 


Definition 


Let n be a positive integer and let k be in Z,, with k 40. The 
additive cipher A, on Z,, has rule 


Ay(m) = m+, k. 


Moreover, it can be shown that A," has rule 
A, (ec) = ese 
where k’ is in Z,, with k +k’ =n. 


(We have included a result in the definition box so that the rules for A, 
and A,” are in one place.) 


In Caesar’s cipher we have n = 26, k = 3 and k’ = 23. When a family of 
ciphers depends on a parameter k in this way, the parameter is called the 
key. Although a given fixed additive cipher would not be very secure, 
considerably more security could be achieved by refinements such as the 
following: 


© letting the key vary through the message in some complicated way, 
known to both the encipherer and the decipherer; 


© splitting the message into blocks of d characters in Z,,, transforming 
each block (mo,™m1,™m2,...,7™g_1) by a one-one function such as 
(Mo,™M1,M2,-.-.-,Mg_-1) > M +m, Xn+mMy, xn? 4+-+-+mg_1 xn! 
into an integer in Zy, where N = n%, and then using an additive 
cipher on Zy. 


We shall ignore such refinements and methods of breaking ciphers. We 
concentrate on defining families of ciphers, using modular arithmetic, 
which are likely to be intrinsically better than additive ciphers. Our model 
for such ciphers is shown in the diagram below. 


m Ax(m) =c + azt}» azo) =m 


Figure 4.1 


Thus A; has domain Z,,. 


33 


Thus M,,* is the 


multiplicative cipher M;,,. 


For example, 


9 x 8 = 20 (mod 26). 


Note that 26 and 7 are 
coprime. 


34 


CHAPTER D2 NUMBER THEORY 


Another family of ciphers on Z,, which are easy to implement are the 
so-called multiplicative ciphers. 


Definition 
Let n be a positive integer and let k in Z,, be coprime with n. The 
multiplicative cipher M;, on Z,, has rule 


Moreover, it can be shown that M,* has rule 


Mie SE ae 


where k’ is the multiplicative inverse of k in Z,,. 


We know that k has a multiplicative inverse k’ in Z,, by Lemma 3.1, since 
k and n are coprime. Moreover, by Theorem 3.1, row k of the 
multiplication table for Z,, includes each member of Z,, exactly once. Since 
this row is the image set of M;,, it follows that M; is one-one. The rule for 
its inverse function follows from the fact that if c= k x, m, then 


kl x, ck’ ®j (404, ones Pee ae 
Taking n = 26 and k = 9, we obtain the cipher 
Mo(m) = 9 X26 ™m, 
which enciphers our ‘HAPPYNEWYEAR’ message as follows. 


$1 “Ie 16° 2 14 32 -2o. 0 Pe ee 


ee ee ee Se ee ee 
90°--9 14°14 17 22" 19-25 TY 19°90 - 6 (eiphetes 


To decipher the ciphertext we need to apply the inverse function Mg, e 
Since 9 has multiplicative inverse 3 in Zag, we have My = Moo hee 
example, the first character of the ciphertext above is c = 20, and 


M, * (20) — M3(20) == 3 X26 a= 8, 
because 60 = 8 (mod 26). This is indeed the first character of the message. 


Activity 4.1 Multiplicative ciphers 


A multiplicative cipher on Zy. is defined by the function 
M7(m) = 7 X26 mM. 
(a) Determine the multiplicative inverse of 7 in Ze. 
(b) A message is enciphered using M; to give the ciphertext: 
(10, 194, 9; 4, 22, 2, 2 00,2, 9). 
What was the message? 


Solutions are given on page 44. 


SECTION 4 CRYPTOGRAPHY 


4.2 Exponential ciphers and RSA ciphers 


Additive and multiplicative ciphers both have the serious disadvantage 
that if a cryptanalyst can obtain a small amount of messagetext and its 
corresponding ciphertext, then the key can easily be found. 


Our next family of ciphers does a better job of concealing its key. These 
ciphers are defined on sets Z, = {0,1,2,...,p— 1}, where p is a prime 
number. For example, we might use p = 29, so that 0,1,...,25 could 
represent the English alphabet as before. 


Definition 


Let p be a prime number and let k in Z,_; be coprime with p — 1. 
The exponential cipher £;, on Z, has rule 


E,(m) = m* (mod p). This congruence defines 
E;,.(m) uniquely since we 
want E;,(m) to lie in Z,. 


Moreover, it can be shown that E,* has rule 


E,*(c) = ck (mod p), 


where k’ is the multiplicative inverse of k in Z,_1. 


At first sight it is not at all clear that this function E; is one-one, nor that 
E,,* = Ex, but we shall see that this is the case. First, however, we look 
at an exponential cipher in action. Take p = 29 and choose the key k € Zo: 
so that k and p — 1 = 28 are coprime; for example, take k = 5. If m = 2 is 
a term of the message, then E,.(m) is 
E(2) = 2° (mod 29) 

= 32 (mod 29) 

= 3 (mod 29). 
Thus the corresponding term of the ciphertext is c = 3. 


To decipher, we apply the inverse function E;*. The multiplicative inverse 
of 5 in Zog is 17, so Hs ° = E,7. We can evaluate c!’ = 3" (mod 29) using 5x17=85=3x28+1. 
the repeated squares technique. 


3° 3° | 3* | 3 | 3' [3" See Subsection 1.3. Note the 
32° (mod 29)1 3) 91 23) T' 1 20 following shortcut: 
We obtain 23° = {+-6)* = 7.(med. 20). 


ch = 3" =3 x 3° =3 x 20 = 60 = 2 (mod 29), 
giving m = 2, as expected. 


To prove that E; is one-one and that E,' = Ey, is tricky. It is sufficient to 
show that if m is in Z, and c= m* (mod p), then c* =m (mod p). If 
c = m* (mod p), then we have 


c* = (n* =n Good 9). 


Since k’ is the multiplicative inverse of k in Z,_,, there is an integer / such 
that kk’ = I(p —1)+1, and so 
mek ms mie-t+1 es (m?-')!m. 


If m #0, then m is a positive integer in Z, and so is not a multiple of p. 
Hence Fermat’s Little Theorem implies that m?~' = 1 (mod p), which gives 


m** =m (mod p), 


35 


Much larger prime numbers 
are used in practice, together 
with the blocking technique 
described in Subsection 4.1, 
but here we are deliberately 
keeping the numbers small. 


36 


CHAPTER D2 NUMBER THEORY 


a congruence which also holds when m = 0. Thus 
c* = m** = m (mod p), 


as required. 


Activity 4.2 Deciphering an exponential cipher 


An exponential cipher is defined on Z29 by 
E3(m) = m? (mod 29). 
(a) Determine the multiplicative inverse of 3 in Zo. 
(b) A message was enciphered using £3 to give the ciphertext 
(8,9). 
What was the message? 


Solutions are given on page 44. 


To see why an exponential cipher is better than an additive or 
multiplicative one, imagine that a cryptanalyst knows that m is enciphered 
to c by an exponential cipher: 


c= E,(m) = m* (mod p), (4.1) 


where the key k is coprime with p — 1. The problem is to find k, given 
congruence (4.1). For small values of p, the key can be found by checking 
all possible values of k, but for larger values of p the problem is much 
harder, and certainly very much harder than the corresponding 
enciphering calculations. When congruence (4.1) holds, k is called the 
discrete logarithm of c with base m and modulus p, and, as you may 
imagine, the problem of computing discrete logarithms has received much 
attention from number theorists and cryptographers. 


Finally, we describe the RSA ciphers, so-called because they were invented 
by R. L. Rivest, A. Shamir and L. Adleman, in 1977. These ciphers are 
defined on sets of the form Z,, = {0,1,2,...,pq—1}, where p and q are 
prime numbers. For example, we might use p = 5 and q = 11, so that 
0,1,...,25 could represent the English alphabet as before. 


Definition 


Let p and q be prime numbers and let k& in Z(,-1)(g-1) be coprime with 
(p —1)(q—1). The RSA cipher R;, on Z,, has rule 


R,(m) = m* (mod pq). 


Moreover, it can be shown that R,* has rule 
R,*(c) =c* (mod pq), 


where k’ is the multiplicative inverse of k in Z(p-1)(q-1)- 


SECTION 4 CRYPTOGRAPHY 


Once again, it is not obvious that the function R;, is one-one, nor that 

R,* = Ry, but we shall see that this is the case. First, however, we look 
at an RSA cipher in action. Take p = 5, g = 11 and choose the key k € Zao 
so that k and (p — 1)(q — 1) = 40 are coprime. For example, take k = 7. 


If m = 8 is a term of the message, then R;,(m) is 

R,(8) = 8" (mod 55). 
Using repeated squaring, we obtain 

ll 1 oS 

8?" (mod 55) | 8 | 9 | 26 
and so 

£(8\=8' =8' x8 x8 =8 x9 x 26 = 2 {mod 55). 
Thus the corresponding term of the ciphertext is c = 2. 


To decipher, we apply the inverse function R7*. The multiplicative inverse 
of 7 in Zao, is 23, so R7* = Ry3. We can evaluate c?3 = 273 (mod 55) using 
the following table. 


92" 91 92 94 98 916 
2?" (mod 55) | 2 | 4 | 16 | 36] 31 
We obtain 


2735 = 2) x 2? x 24x 2° =2x4-x 16 x 31 =18 x 31 = 8 (mod 55), 
giving m = 8, as expected. 


To prove that R, is one-one and that R,* = R,, is again tricky. It is 
sufficient to show that if m is in Z,, and c = m* (mod pq), then 


c* =m (mod pq). If c= m* (mod pq), then we have 


c* = (m*)® = m* (mod pq). 


Since k’ is the multiplicative inverse of k in Z(p_1)(g-1), there is an integer / 
such that kk’ = l(p—1)(q—1) +1, and so 


mre ee mie-D(q-)+1 a (m?-1)9-D im, 


If m is not a multiple of p, then Fermat’s Little Theorem implies that 
m?~' = 1 (mod p), which gives 


m** =m (mod p), 


a congruence which also holds if m is a multiple of p (including the zero 
multiple). Similarly, 


m** =m (mod q). 


Hence m** — m is divisible by p and by gq, and so by their product pq, 
since p and gq are primes. Thus 


c* = m** = m (mod pq), 


as required. 


7% 23 = 161=—4x 4041 


Thus, in particular, m # 0. 


This follows by Remark 1 on 


page 29. 


of 


The remainder of this section 
will not be assessed. 


38 


CHAPTER D2 NUMBER THEORY 


Activity 4.3 Deciphering an RSA cipher 


An RSA cipher is defined on Zs; by 
Roz(m) = m*" (mod 55). 
(a) Determine the multiplicative inverse of 27 in Z4o. 


(b) A message was enciphered by R27 to give the ciphertext 
(9,5). 
What was the message? 


Solutions are given on page 44. 


The calculations above do not indicate why RSA ciphers are so significant. 
Notice, however, that in order to apply the formula R;,(m) = m* (mod pq) 
the encipherer needs to know the values of the product pq and the 
exponent k, but does not need to know the values of p and q. Indeed, for 
large primes p and gq it may be extremely difficult to factorise pq, taking 
years of computer effort if pq is, say, several hundred digits long. Thus the 
encipherer will be unable to find p and q, except by luck, and so unable to 
find k’ which is needed for deciphering. On the other hand, the 
calculations involved in using an RSA cipher with such large numbers are 
feasible on suitably programmed machines. 


All this means that a person P, who wishes to receive enciphered messages 
that cannot be deciphered by anyone else, can choose large primes p and g, 
find k with multiplicative inverse k’ in Z(p_1)(g-1) using Euclid’s algorithm, 
and then make public the values of k and the product N = pq. To encipher 
a message to P, any other person represents their message as a sequence of 
(large) integers in Zy, by using the blocking technique described earlier in 
this section, and then enciphers these integers with the function defined by 


R,(m) = m* (mod N), 


evaluated by the repeated squares method. Only P knows the value of k’, 
so only P can decipher such messages using R,' = Ry. 


The RSA cipher is an example of a so-called public-key cipher, for 
which the enciphering process can be made public without betraying the 
deciphering process. The existence of such ciphers creates the possibility of 
each person (and each organisation) publishing their own RSA cipher, 
which can be used to send them private messages, funds, and so on. 


This possibility raises many issues of great significance, not least of which 
is the displeasure of governments, who may prefer to be able to monitor 
the activities of their citizens while keeping their own activities ‘secure’. 
Indeed, there has already been controversy about the publication of certain 
public-key ciphers. On the other hand, there is a great incentive to 
researchers in number theory to find ever better algorithms to factorise 
large numbers, in order to facilitate the breaking of RSA ciphers. There is 
even the possibility that a more efficient algorithm may be found to 
decipher an RSA cipher, without the need for factorisation. Anyone finding 
such an algorithm should expect a large amount of interest to be shown in 
their work! 


SECTION 4 CRYPTOGRAPHY 


Summary of Section 4 


In this section you have seen how number theory plays an unexpected role 
in modern methods of cryptography. 


Exercises for Section 4 


Exercise 4.1 


Decipher each of the following pieces of ciphertext. 

(a) (15, 28,5,2), which was enciphered using the multiplicative cipher 
M,3(m) = 13 X39 ™m on VE 

(b) (25, 13,19), which was enciphered using the exponential cipher 
Fo5(m) = m?? (mod 37) on Z37. 

(c) (26, 30,4, 12,9, 24,26), which was enciphered using the RSA cipher 
R13(m) = m'* (mod 33) on Z33. 

In each case the English alphabet is represented as follows. 


A|B|C a. ae aes 
ee kee 24 | 25 | 26 


Note that the multiplicative inverses needed for this exercise were all 
calculated in Exercise 3.1. 


og 


5 Number theory and Mathcad 


40 


A 


In this section, you have the opportunity to develop your understanding of 
the concepts in this chapter, to check some of your earlier calculations, and 
also to try out the methods with much larger numbers than your 
calculator can handle. 


The computing work for this chapter uses Mathcad to: 


7, 
ro, 


o 


© 
7 
7 


calculate the quotient and remainder in the Division Algorithm; 


calculate the remainders on division by n of a sequence of powers a*, 
oe ay See: 


calculate the remainders on division by n of a power a 
repeated squaring algorithm; 


* using the 
generate addition and multiplication tables for Z,,; 
calculate multiplicative inverses, using Euclid’s Algorithm; 


factorise large numbers and also multiply large numbers. 


Refer to Computer Book D for the work in this section. 


Summary of Chapter D2 


In this chapter you acquired some techniques of number theory and 
applied some of its basic results. In particular you have seen the 
application of Fermat’s Little Theorem in cryptography. 


Learning outcomes 


You have been working towards the following learning outcomes. 


Terms to know and use 


Division Algorithm, quotient, remainder, divisible by n, divisor, factor, 
congruent modulo n, congruence, modulus, digit sum, alternating digit 
sum, common factor, coprime, multiplicative inverse, Euclid’s Algorithm, 
cipher, messagetext, ciphertext, additive cipher, key, multiplicative cipher, 
exponential cipher, RSA cipher. 


Terms to be aware of 


Theorem, lemma, corollary, counter-example, commutative operation, 
associative operation, star polygon, cryptography, cryptanalyst, encipher, 
decipher, Caesar’s cipher, discrete logarithm, public-key cipher. 


Notation to know and use 
a=b(mod n),a#b(mod n),a=b=c (mod n), Zr, +n, Xn- 


Mathematical skills 
© Apply the Division Algorithm (Theorem 1.1). 
© Follow the use of Properties of Congruence (Theorem 1.2). 


© Find remainders on division of large numbers by: 


$9.11: 2.4.8...) 6 eer dS. 


© 


Construct tables for +,, and x,, for Z,,, and describe patterns therein. 


© Use Euclid’s Algorithm to find the multiplicative inverse of an element 
cr ao 
© Follow the development of Theorem 3.1. 


© Use Fermat’s Little Theorem (Theorem 3.2) to find remainders of 
powers modulo p. 


© Use additive, multiplicative, exponential and RSA ciphers to encipher 
a message and to decipher a ciphertext. 


Al 


Solutions to Activities 


Solution 1.1 


There is no need to use q = floor(a/n) if you can ‘see’ 
how the division of a by n works out. 


(a) Here 77 =8 x9+5, so 
g= 8 amt = S. 
(b) Here 
q = floor(—100/11) = floor(—9.0909...) = —10, 


SO 
r = —100 — (—10) x 11 = 10. 
(c) Here 
q = floor(987 654 321/8) = floor(123 456 790.1...) 
— 123 456 790, 
SO 


r = 987 654321 — 123456 790 x 8 = 1. 


Solution 1.3 

We can write 
a =p 

where p and r are integers with 0 <r <n. 

Since a — b is a multiple of n, we can write 
a—b=kn, 

where k is an integer. 

Eliminating a from these equations, we obtain 
b=a—kn=(pn+r)—kn=(p—k)n+r. 

Because p — k is an integer, it follows from the 

Division Algorithm that b also has remainder r on 

division by n. 

Solution 1.4 

(a) True 

(d) True 


(b) False 
(e) True 


(c) True 
(f) True 


Solution 1.5 


Since equations (1.2) hold, we deduce, by 
subtraction, that 


(a — b) —(c—d) = kn — In, 
that is, 
(a—c)—(b—d) =(k-J)n, 


and this implies that a —c = b—d (mod n), since 
k — 1 is an integer. 


42 


Solution 1.7 
We obtain 
15" = 15 (mod 55), 
15? = 225 = 5 (mod 55), 
1S? =.5° = 25 (med 54), 
15° = 257 = 20 (med Bo), 
15 = 20" = 15 (od Sa). 
Since 19 = 1+2+16, we obtain 
15° = 15' x 15° «1b (ae 
= 15 x 5 x 15 (mod 55) 
= 1125 = 25 (mod 55), 


as required. 


Solution 2.5 


(a) This number is divisible by 2 and, from 
Activity 2.1, is congruent to 2 modulo 3. Hence, 
by congruence (2.2), rg = —4 (mod 6), so the 
remainder on division by 6 is rg = 2. 


(b) This number is congruent to 2 modulo 3 and, 
from Activity 2.4, is divisible by 4. Hence, by 
congruence (2.3), r12 = 8 (mod 12), so the 
remainder on division by 12, is rj2 = 8. 


Solution 2.7 


(a) On division by 7, the remainders are: 


6 | 341 | 723 | 110 | 832 | 864 
6-5 | 2° = & |~3 ‘(med 7) 


and their alternating sum is 
7-645 — 23 t==2 


Hence the number is congruent to —1 modulo 7, 
and so gives remainder 6 on division by 7. 


(b) On division by 13, the remainders are: 


6 | 341 | 723 | 110 | 832 | 864 
Hrs 8 6 0 6 (mod 13) 


and their alternating sum is 
6-9-6 —68+5-—6= 1. 
Hence the number gives remainder 1 on division 
by 13. 
Solution 3.1 
(a) 3; ty 4 6,2 
(b) 1, 0,3, 2,4 


Solution 3.2 


(b) The most striking pattern is that each row is 
obtained from the one above by shifting the 
entries one place to the left, moving entries 
which drop off the left end to the right end. In 
particular, the entries in each ‘uphill’ diagonal of 
a table are constant. 


This pattern arises because if you increase the 
row number by 1 and decrease the column 
number by 1, then the corresponding sum 
remains the same. 


One consequence of this pattern is that the 
addition table is symmetric under reflection in 
its main ‘downhill’ diagonal. This symmetry of 
the table reflects the fact that, for all a and 6 


nm 2. 
a+b=b6+a, 
SO 
a+, b6=6+4+, 4a. 
Solution 3.3 


(b) There seems to be no striking overall pattern of 
the type seen in the addition tables. 


However they are symmetric under a reflection 
in the main ‘downhill’ diagonal because, for all 
a, 0 Wy Za, 


a X=) et, 
SO 
ox, tb =o. 


(There are other symmetries of the tables 
obtained by omitting row 0 and column 0, which 
you may like to investigate. ) 


(c) It appears that a non-zero row (or column) of 
the multiplication table for Z,, includes all the 
numbers from Z,, if and only if the row (or 
column) number has no factors in common 
with n, other than 1. For example, in the table 
for Zg, rows 1 and 5 include all of Z., but the 
other rows do not. 


SOLUTIONS TO ACTIVITIES 


Solution 3.4 


Using the definition of +, and Theorem 1.2(d), we 
obtain 


a+ (b+, c) (mod n) 
=a+(b+c) (mod n). 


atny(b+n c) 


Similarly, 

(a+, 6b) +nc=(a+b)+c (mod n), 
and so the associativity of +, follows from that of 
ordinary addition: a+ (b+c) =(a+b)+c. 
Solution 3.5 
(a) 1, 2, 4, 5, 7and 8 are coprime with 9. 


(b) The multiplication table for Z9 confirms that 
rows 1, 2, 4, 5, 7 and 8 include the whole of Zo, 
whereas rows 0, 3 and 6 do not. 


1 ; t. 7-8 

Gif tf ff G6 0 8 8 
oer) es So 4 6 G7 CB 
a A a ee ee: ee ee ee ed 
i e-— 6 6 3-6-0 3 6 
a OE SS GB CUCdSCSSS 
e623 7 § 8 4 
7. 23° eS Ss 06 3 
= 2. Se ee ee ee es ee 
— 2 ees { 6 & 4-23 .2.A1 

Solution 3.6 


(a) Using the Division Algorithm repeatedly (until 
remainder 1 appears): 


1 =1 «7 +5 
7 =)x5+2 
wae? x2 Sk 


Eliminating multiples of 2 and 5: 


Ce ee ee 
=5-—2(7-1x5) 
=-2x7+3x0 
=-2x7+3(12-—1x 7) 
= oxi = 5K 7: 

Hence 


7 x (—5) = 12 x (-3) +1, 


so 7 xX (—5) = 1 (mod 12), and thus the 
multiplicative inverse of 7 in Zi is -5+12= 7. 


(b) Using the Division Algorithm repeatedly: 
26=2x9+8 
9=4% 64+ 


Eliminating multiples of 8: 


b=9-—1x8 
=9-—1x (26-2 x 9) 
= —-1 x 20+3 x 9. 


43 


CHAPTER D2 NUMBER THEORY 


Hence 
9x9 doc 26 1, 
so 3 x 9=1 (mod 26), and thus the 
multiplicative inverse of 9 in Zg¢ is 3. 
Solution 3.7 


(a) By Fermat’s Little Theorem, with p = 19 and 
a = 3, we know that 31° = 1 (mod 19). Hence 
the remainder is 1. 


(b) By (a) and Theorem 1.2, 


3 = ger! sig”) x Sat xt Sa. 


Hence the remainder is 3. 


(c) First 16 = 5 (mod 11), so 16'°3 = 51% (mod 11). 
By Fermat’s Little Theorem, with p = 11 and 
a = 5, we know that 5'° = 1 (mod 11). 
Therefore 


16193 ro 5103 —4 Cs ae x 53 


= 1x 125=4 (mod 11). 
Hence the remainder is 4. 


Solution 4.1 
(a) Using the Division Algorithm repeatedly: 


26 = 3 xT +5 
_ 2. & eS 
te. a oe 


Eliminating multiples of 2 and 5: 


l=5-—2x*2 

=5-—2(7-1x5) 

=-2x7+3x5 

= —2x 7+ 3(26 — 3 x 7) 

= 20 S,kd &, L. 
Hence 


—l1x7=-3x 26+1, 
and since —11 = 15 (mod 26), the multiplicative 


inverse of 7 in Zo¢ is 15. 

(b) The message is deciphered by applying 
M,*(c) = Mj5(c) = 15 X26 c. Thus we need to 
find 

=(10) = 15 xog 10 = 20, 

5(1) = 15 xg 1 = 15, 

5(14) = 15 xog 14 =2, 

( 
( 


Ss 5 5 


5 oP = 35 Ko6 9 = 5, 
Mis 22) st 15 Xog 22 = 18, 
Mj5(20) = 15 Xo¢ 20 = 14. 


Hence the messagetext is 


(20, 15, 2,5, 15, 18, 14, 15, 20, 20, 15, 2, 5). 


a4 


This represents 
‘TOBEORNOT TOBE’ 
in the English alphabet. 


Solution 4.2 
(a) Since 28 = 9 x 3+1, we have 
—§ xS—Ps 2 + I, 
SO 
~9 x 3= 1 (mod 28) 


and hence —9 + 28 = 19 is the multiplicative 
inverse of 3 in Zo. 


(b) To decipher the message we find Fj9(8) and 
F19(9). Since 
82" 

82" (mod 29) 


we obtain 


gi? = 8! x 8* x 8" = 8 x 6 x 23 = 2 (mod 29), 


so Ey9(8) = 2. Similarly 
92" gl 92 94 98 glé 
92" (mod 29) | 9 | 23:19 aa ae 


gives 


919 = g! x 9? x 91 = 9 x 23 x 23 = 5 (mod 29), 


so Ej9(9) = 5. Hence the deciphered message is 
(2,5), which would represent ‘BE’ in the English 
alphabet. 


Solution 4.3 


(a) Using the Division Algorithm repeatedly: 


40 =) & Zr 1S 
at a2 SAS 4-1. 


Eliminating the multiple of 13: 
l=27 —-2x 13 
= 27 — 2(40 — 1 x 27) 
== g XO +S XK ZY. 


Hence 3 x 27 = 2 x 40+ 1, so the multiplicative 
inverse of 27 in Zao is 3. 


(b) To decipher the message, we find R3(9) and 
R3 (5): 


9? = 729: 14 fod 55) 
and 
59 = 125 = 15 (mod 55). 


Hence the deciphered message is (14, 15), which 
would represent ‘NO’ in the English alphabet. 


Solutions to Exercises 


Solution 1.1 


(a) Repeated multiplication by 4 gives the following 


table. 
ia ee oe wae Lae te 
4° (yee-11} ) 1 4-38) oe, fF I 


Hence 


4* = 1 (mod 11), whenever k is a multiple of 5, 


SO 
4 Sa" x 4 S 5x 1 = 5 (modi): 


Thus the remainder is 5. 


(b) Repeated multiplication by 8 gives the following 


table. 
gr g0 gi Q2 83 
8" (mod 25) | 1 8 | 14 
Qt 8s 89 g10 
211 16.) 3. 1-24 


Thus the remainder is 24. 


(Note the possible shortcut here: 


gi? = 8° x 8° = 18 x 18 = 324 = 24 (mod 25).) 


Solution 1.2 
(a) Repeated squaring gives 
4?" 4) } 41.441 48 
42" (mod 11) | 4 | 5 | 3 | 9 


SO 


4i2 = 4* x 48 =3 x 9 = 27 = 5 (mod 11). 


As expected, the remainder is 5. 
(b) Repeated squaring gives 
8?" ia) Ss. 2° 
82" (mod 25) | 8 | 14] 21 | 16 


SO 


ae a 
12 | 22118] 19 


go 


gi = g* x 8 = 14 x 16 = 224 = 24 (mod 25). 


As expected, the remainder is 24. 


Solution 2.1 


In each case, the positive integer a has the same 


remainder as that of its final digit. ‘These remainders 
are the same because the difference between a and its 


final digit is divisible by each of 2, 5 and 10. (For 


example, 112973 — 3 = 112970, which is divisible by 


2, 5 and 10.) 


Solution 2.2 


In each case, we use r, to denote the remainder on 
division by n. 


(a) 


+. 
The digit sum is 53 = 17 x 3+ 2, so rg = 2. 


The number formed from the last two digits is 
53, and 53 = 13 x 4+ 1, sor, = 1. 


T5 = 3 
re = 3rq — 2r3 = 3 —4 = —1 (mod 6), so rg = 5. 
The required remainders are as follows. 


5 | 230 | 612 | 009 | 721 | 753 
S| 6 3 2 0 4 (mod 7) 


Hence r7 = 4—0+2-—3+6-—5=4 (mod 7), so 
fr = 


The number formed from the last 3 digits is 753, 
and 753 = 94 x 8+ 1, sorg = 1. 


The digit sum is 53 = 5 X 9+-8, so rg = 8. 
T1090 = S 

The alternating digit sum is 24 — 29 = —5, so 
T11 = 6. 

T12 = 4r3 — 3r4 =8-—3=09 (mod £2), sO 

TM12 = 9 


Solution 2.3 


(a) 


If a has remainder rz on division by 2 and r7 on 
division by 7, then 


a=2q.+reg and a= f/q7+Tr7, 


where gz and q7 are the respective quotients. We 
now manipulate these two equations to obtain a 
on the left-hand side and multiples of gz and q7 

which are divisible by 14 on the right-hand side: 


a= (4— be 
= 7(2q2 + r2) — 6(7q7 + 17) 
= (14q2 — 42q7) + (7r2 — 6r7) 
= 14(q2 — 3q7) + (7re — 677). 
Thus a = 7r2 — 6r7 (mod 14), and hence 
ry4 = Trg — 6r7 (mod 14). 
In Exercise 2.2, ro = 1 and r7 = 4, so 
ra =7xX1-6x4=-17 (mod 14), 


ge: 7ia = 11. 


49 


CHAPTER D2 NUMBER THEORY 


Solution 3.1 


(a) 


Using the Division Algorithm repeatedly: 


su = 2x 1344 
ig=3 x4+ 1. 


Eliminating multiples of 4: 


1=13-3x4 
= 13 — 3(30 — 2 x 13) 
=7x13—-—-3 x 3 


Hence 7 x 13 = 3 x 30+ 1, so the multiplicative 
inverse of 13 in Z39 is 7. 


Using the Division Algorithm repeatedly: 


. oe ae aoe or BI 
Zo = 2K IES a 
es a oe: 
a= 124+ 


Eliminating multiples of 2, 3 and 11: 
1=3-1x2 

= 3-(11-3x3) 
==1T+4x 3 
= —11+44(25 — 2 x 11) 
=4% 230% 11 
= 4 x 25 — 9(36 — 1 x 25) 
= —9:«K 36+ 13 «25. 


Hence 13 x 25 = 9 x 36+ 1, so the multiplicative 
inverse of 25 in Z3¢ is 13. 


Using the Division Algorithm repeatedly: 


20 = 1 «134-7 
13 = 1&7 +6 
(= Exo +i, 


Eliminating multiples of 6 and 7: 
= 7=1 xt 
= 7-—(13-—1x 7) 
=o hig Ke 
= —13 + 2(20 — 1 x 13) 
= =i Kk 1S 2 ae 
Hence —3 x 13 = —2 x 20+ 1, and since 


—3 = 17 (mod 20), the multiplicative inverse of 
13 in LZ 40 eis. 


Solution 3.2 


(a) 


By Fermat’s Little Theorem, 51% = 1 (mod 13), 
sO 


576 = (514)? x 5° = 25 = 12 (mod 13). 


Hence the remainder is 12. 


46 


(b) First 41 = 3 (mod 19), so 41*1 = 3*' (mod 19). 
By Fermat’s Little Theorem, 3'® = 1 (mod 19), 
SO 


41** = (3"*)? x 3° 
= 3° =27x9=8x9=72 =15 (mod 19). 


Hence the remainder is 15. 


Solution 4.1 


(a) By Exercise 3.1(a), the multiplicative inverse of 
13 in Zo is 7, so 5 — M-. Thus we need to 
find 


M7(15) = 7 X39 15 = 15, 
which gives ‘O’; 

M7(28) = 7 X30 28 = 16, 
which gives ‘P’; 

M7(5) = 7 X305 =5, 
which gives ‘E’; 

M7(2) = 7 X30 2 = 14, 
which gives ‘N’. 
Thus the message was ‘OPEN’. 


(b) By Exercise 3.1(b), the multiplicative inverse of 
25 in Z36 is 13, so ee = E13. Thus we need to 
find 


E43(25), E13(13), F43(19). 
Repeated squaring gives 
Lae o51 | 95" | 2 la 
25° (mod S7)| 25./ 33 | 16 ae 
and so 
E43(25) = 25°° 
= oh x 25° x 25° 
= 25 x 16 x 34 
= 30 x 34 = 21 (mod 37), 
which gives ‘U’. 
Repeated squaring gives 
1S oll 313° .| 18 
ia” (eee or 93 | 21 | 34 8 


and so 
|e 
24915" se 
= 13x 34x9 


= 35 x 9 = 19 (mod 37), 
which gives ‘S’. 


Repeated squaring gives 
19?” 191 | 19? | 194 | 198 
19? {mod 37) | 19 | 28°|-7 | 12 
and so 
Ease 
= 19' x 19* x 19° 
= 19x 7x 12 = 22 x 12 =5 (mod 37), 
which gives ‘E’. 
Thus the message was ‘USE’. 


Note that 33 = 3 x 11, so with p= 3 andqg=11 
we obtain (p — 1)(q — 1) = 20. Thus, to find the 
inverse function for the RSA cipher R13 on Z33, 
we need to determine the multiplicative inverse 
of 13 in Zoo. By Exercise 3.1(c), we know this to 
be 17, so Riz = R17. Thus we need to find 


R17(26), Ry7(30), Ri7(4), Ri7(12), Ri7(9), Ri7(24). 


SOLUTIONS TO EXERCISES 


Repeated squaring gives 
267" 
262" (mod 33) 


26°° 


and so 
R17(26) = 26"" 
= 26' x 26'° = 26 x 4=5 (mod 33), 
which gives ‘E’. 
In the same way, we find that 
Ri7(30) = 24, Ri7(4) = 16, Ri7(12) = 12, 
Ry7(9) = 15, Ry7(24) = 18, 
and so the message was ‘EXPLORE’. 


47 


Index 


additive cipher 33 
alternating digit sum 16 
associative 22 


Caesar’s cipher 32 
cipher 32 
ciphertext 32 
common factor 23 
commutative 22 
congruence 9 
congruent modulon 9 
coprime 23 
cryptanalysis 32 
cryptography 32 
cryptology 32 


decipher 32 

digit sum 15 

discrete logarithm 36 
divisible 7 

division algorithm 7 
divisor 7 


encipher 32 
Euclid’s algorithm 24 
exponential cipher 35 


factor — 7 

Fermat’s last theorem 30 
Fermat’s little theorem 27 
floor(z) 8 


key 33 


messagetext 32 

modular arithmetic 21 
modulus 9 
multiplicative cipher 34 
multiplicative inverse 24 


properties of congruences 10 
public-key cipher 38 


quotient 7 


remainder 7 


RSA cipher 36 


star polygons 26 


48 


3 
o 
~ 
© 
z 
Pa 


